audit_rules_privileged_commands rule is failing in ANSSI NT28 High profile evaluation #11103

Closed
cortesana opened this issue Sep 8, 2023 · 4 comments
Labels
productization-issue Issue found in upstream stabilization process. RHEL7 Red Hat Enterprise Linux 7 product related.

Comments

@cortesana
Contributor

Description of problem:

The audit_rules_privileged_commands rule is failing in tests during ANSSI NT28 High profile evaluation.

SCAP Security Guide Version:

Current upstream master branch as of 2023-09-04

Operating System Version:

RHEL 7

Steps to Reproduce:

  1. oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_anssi_nt28_high --progress --report report.html --results results.xml --oval-results contest-ds.xml

Actual Results:

xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands:fail
2023-09-02 11:24:57 test.py:71: lib.results.report_plain:171: FAIL audit_rules_privileged_commands
W: oscap:     Obtrusive data from probe!

Expected Results:

xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands:pass
2023-09-02 11:24:57 test.py:71: lib.results.report_plain:171: PASS audit_rules_privileged_commands

Additional Information/Debugging Steps:

@cortesana cortesana added productization-issue Issue found in upstream stabilization process. RHEL7 Red Hat Enterprise Linux 7 product related. labels Sep 8, 2023
@cortesana cortesana changed the title audit_rules_privileged_commands audit_rules_privileged_commands rule is failing in ANSSI NT28 High profile evaluation. Sep 8, 2023
@jan-cerny jan-cerny changed the title audit_rules_privileged_commands rule is failing in ANSSI NT28 High profile evaluation. audit_rules_privileged_commands rule is failing in ANSSI NT28 High profile evaluation Sep 11, 2023
@jan-cerny
Collaborator

The specific test is: /CoreOS/scap-security-guide/hardening/ansible/anssi_nt28_high

@jan-cerny
Collaborator

I suspect that this might be closely related to issue #11104, which appeared in the same productization run. I think so because issue #11104 is about mount options such as noexec and nosuid, and the OVAL in rule audit_rules_privileged_commands heavily depends on partitions with these options.

@jan-cerny
Collaborator

Both this issue and #11104 appear in the same test (/CoreOS/scap-security-guide/hardening/ansible/anssi_nt28_high).

@marcusburghardt
Member

It is no longer present in the last productization review. It was likely fixed by #11117.
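The dependency on mount options discussed in this thread can be reproduced offline. The following is an added example, not part of the original issue or the project's own code. It assumes the check expects a `-F path=<file> -F perm=x` audit rule for every setuid/setgid file on a filesystem mounted without `nosuid` or `noexec`; the mount table, file list, audit rules and all function names are constructed for illustration.

```python
import re

# Constructed sample data (not taken from the issue).
MOUNTS = """\
/dev/sda1 / xfs rw,relatime 0 0
/dev/sda2 /home xfs rw,nosuid,nodev 0 0
/dev/sda3 /tmp xfs rw,nosuid,nodev,noexec 0 0
/dev/sda4 /opt xfs rw,relatime 0 0
"""
SUID_FILES = ["/usr/bin/sudo", "/usr/bin/passwd", "/home/alice/tool", "/opt/app/helper"]
AUDIT_RULES = """\
-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged
-a always,exit -F path=/home/alice/tool -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged
"""

def mount_options(mounts_text):
    """Map each mount point to its set of options (/proc/mounts format)."""
    table = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            table[fields[1]] = set(fields[3].split(","))
    return table

def owning_mount(path, table):
    """Longest mount point that is a prefix of path."""
    matches = [m for m in table if path == m or path.startswith(m.rstrip("/") + "/")]
    return max(matches, key=len)

def in_scope(path, table):
    """Assumption: a file counts only if its filesystem lacks nosuid and noexec."""
    return not (table[owning_mount(path, table)] & {"nosuid", "noexec"})

def audited_paths(rules_text):
    """Paths that have an execute-watch rule (-F path=... -F perm=x)."""
    found = set()
    for line in rules_text.splitlines():
        m = re.search(r"-F path=(\S+)", line)
        if m and re.search(r"-F perm=\S*x", line):
            found.add(m.group(1))
    return found

def missing_rules(files, mounts_text, rules_text):
    """In-scope privileged files that have no audit rule."""
    table = mount_options(mounts_text)
    audited = audited_paths(rules_text)
    return sorted(f for f in files if in_scope(f, table) and f not in audited)
```

Changing a mount option in the table changes which files are in scope, so the same audit rules can pass on one partition layout and fail on another.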
